Assess Remote Work IT Security Risks
January 15, 2021
IT Security
To remain operational during the COVID-19 pandemic, many businesses have added or shifted IT resources to accommodate things such as virtual meetings, live streaming, online learning, business intelligence drive worn by machine learning, automated customer assistance, and more. Enabling employees to work remotely, in particular, has necessitated major changes.
In the rush to make these changes, however, a lot of organizations are now finding they may have weakened their IT security posture. They’ve opened themselves up to new vulnerabilities and/or exposed existing vulnerabilities.
Among the issues:
- Remote work has forced employee work computers, home networking devices, and children's school laptops to co-exist on the same network. As a result, companies can’t maintain basic security and defenses that would normally exist in an office environment.
- Companies without remote vulnerability scanning or remote patching capabilities can’t ensure patching is up to date or identify potential risks on the systems/devices used by employees to work remotely.
- Many security teams lack the resources and capabilities to log, monitor, and gain full visibility into the wide range of security threats facing remote workers.
- Employees may be using unauthorized software, applications, and other tools to making working remotely easier, even if it’s not secure.
Must-read: The Cloud, COVID-19 and What It All Means for Business
There’s a lot that needs to be done to remedy the situation. An assessment of the IT security risks is a good place to start. While they don’t cover everything, the questions that follow can help:
- What IT security practices and protocols do you have in place and are they applicable to your remote-work model and other new ways of doing business?
- Are there other risks, such as those of the operational or regulatory/compliance variety, that need to be addressed for your remote-work model or for other applications or IT systems that have been implemented during the pandemic?
- If you’re using Virtual Private Network (VPN) and/or Virtual Desktop Infrastructure (VDI), are they handling the large influx of connections? What security mechanisms are in place to ensure data privacy and security?
- Have you reviewed what your remote users can access, and do you have protocols and other tactics in place to manage access?
- Are you using multi-factor authentication?
- How well can your systems handle peak loads as well as outages?
- How are you handling security on employees’ own devices that they may use for accessing your systems and data?
- How do you confirm access revocation and reallocation when an employee’s job status changes?
- Are you monitoring employees’ use of devices and applications for file sharing, video conferencing, and collaborative work?
- Are you communicating frequently with your employees about security practices such as encrypting home routers and WIFI networks, immediately installing software updates, and abiding by data privacy rules?
- Do all machines have properly configured firewalls, including installed anti-malware and intrusion prevention software?
- Are you monitoring inactive computers left behind in the office? Are you reviewing third-party IT security risks, how your vendors are working securely at home, and what access they have to your systems?
- Are you managing the potential risks associated with relying on managed security service providers?
- Do you have vulnerability management and remote monitoring capabilities?
- If relevant, have you adjusted algorithms that detect threats and monitor identity and access in the remote work environment?
US Signal: Your Remote Work Enabler
Once you’ve assessed your current IT security approach as it pertains to remote work, consult with an IT services provider such as US Signal to determine how best to address the gaps and needs.
Beers with Engineers Recap - Lessons Learned from the Pandemic: Remote Work & Security
With both public and private cloud services and a comprehensive portfolio of data protection and managed security services, US Signal is well-positioned to help you ensure you have the right resources in place to accommodate a remote work model. Equally if not more important, US Signal can help you ensure the security of the systems and data involved.
Here are a few services to consider:
US Signal’s solution engineers can also help you design and implement a comprehensive IT solution that supports your remote work or other needs. To learn more, call us at 866.2.SIGNAL or email: [email protected]